Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/B0T8weZXUscsWhC7iApduZaE7es.roa
File:                     B0T8weZXUscsWhC7iApduZaE7es.roa (raw, json)
Hash identifier:          ap36AJzAG9Kk2VgRa5WWQMrtUG1JwGfulJmn02Ns1cw=
Subject key identifier:   07:44:FC:C1:E6:57:52:C7:2C:5A:10:BB:88:0A:5D:B9:96:84:ED:EB
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0194214438B6F83323948207C54ABA4B8FCF
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/B0T8weZXUscsWhC7iApduZaE7es.roa
Signing time:             Wed 01 Jan 2025 09:48:26 +0000
ROA not before:           Wed 01 Jan 2025 09:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     262725
IP address blocks:        89.213.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:38:b6:f8:33:23:94:82:07:c5:4a:ba:4b:8f:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0744fcc1e65752c72c5a10bb880a5db99684edeb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:46:ce:71:6e:98:6f:34:1d:a0:49:a8:9e:42:
                    55:e8:0f:c9:ee:d1:ec:b6:d4:af:f4:92:86:d3:cf:
                    87:d6:e6:7f:0a:75:56:7d:e6:e6:74:e2:75:d9:5b:
                    6f:a9:38:cf:33:12:49:a9:b1:6a:9c:68:70:de:5f:
                    ea:cb:64:df:e8:9e:b5:61:a8:f6:d9:7b:f0:b6:a9:
                    87:75:dd:61:df:c9:5b:74:fb:66:ea:30:15:f8:ad:
                    c8:2f:e6:95:15:06:99:82:76:6b:24:45:a7:1a:17:
                    91:d5:1c:7e:96:28:10:b4:77:fc:37:fc:dd:13:7e:
                    f9:f7:5f:01:7d:5e:52:16:68:eb:34:97:6b:fb:a9:
                    c3:de:b1:3f:6b:b9:5a:e0:ea:bf:c2:3d:8d:1e:f3:
                    c5:06:e0:20:12:de:ec:ca:d8:8c:73:e9:e4:16:dd:
                    9f:86:00:df:79:73:81:60:4e:d3:7c:5b:6d:2b:5a:
                    6a:56:7e:e8:66:79:40:cb:dc:db:7b:ca:79:ac:51:
                    4b:8e:f4:2c:03:a5:c0:3d:4e:c6:93:da:8f:b1:2a:
                    f6:f0:0c:64:fe:64:0e:77:12:10:9f:bf:3d:a2:4d:
                    66:60:0b:f0:ed:ed:91:0f:94:74:12:c6:7a:53:1d:
                    ef:bc:ef:6b:14:09:24:82:93:79:fb:b7:d9:ca:62:
                    fb:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:44:FC:C1:E6:57:52:C7:2C:5A:10:BB:88:0A:5D:B9:96:84:ED:EB
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/B0T8weZXUscsWhC7iApduZaE7es.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:ea:ec:9c:2f:0d:56:1a:ae:8f:79:a9:c8:62:36:92:bc:4f:
         2f:6c:11:fc:0f:0f:75:f7:82:4c:5e:18:8b:ab:86:1f:c2:c2:
         67:22:b6:7f:fd:70:58:dd:9f:80:2f:07:c1:5f:11:20:84:21:
         b1:4c:6e:2a:27:54:30:b7:45:03:58:65:10:25:37:49:7e:f0:
         13:6f:2b:07:d2:65:f4:d8:4b:fc:bf:5c:ba:e3:ee:cf:e6:f7:
         0b:8d:21:19:ca:de:5a:05:dd:ff:b2:db:ee:83:ec:f5:f8:74:
         d1:ae:97:d0:4e:7b:69:0c:1c:72:2c:79:17:a2:40:c9:f1:86:
         4a:89:b8:8f:6e:2e:e3:61:7d:0b:99:b3:51:5b:7e:92:94:59:
         87:a4:51:9e:f9:d7:45:21:1c:e2:7c:20:87:14:a8:b2:19:58:
         51:a3:de:32:5b:ae:6e:45:10:8d:6f:33:a6:f8:03:4f:77:d7:
         74:eb:5a:5f:70:aa:8e:d2:52:98:b4:26:5e:77:57:3c:86:43:
         50:a6:21:fe:d2:41:69:f1:59:e7:92:3e:cf:02:d2:2a:21:67:
         4b:e2:59:05:67:df:19:04:99:9b:a3:f1:38:ed:4c:0f:72:03:
         86:c9:cf:c2:56:86:cb:25:27:73:a8:07:15:a2:44:6c:ef:11:
         dc:59:04:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRDi2+DMjlIIHxUq6S4/PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzQ0ZmNjMWU2NTc1MmM3MmM1YTEwYmI4ODBhNWRiOTk2ODRlZGViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzUbOcW6YbzQdoEmonkJV6A/J7tHs
ttSv9JKG08+H1uZ/CnVWfebmdOJ12VtvqTjPMxJJqbFqnGhw3l/qy2Tf6J61Yaj2
2XvwtqmHdd1h38lbdPtm6jAV+K3IL+aVFQaZgnZrJEWnGheR1Rx+ligQtHf8N/zd
E375918BfV5SFmjrNJdr+6nD3rE/a7la4Oq/wj2NHvPFBuAgEt7sytiMc+nkFt2f
hgDfeXOBYE7TfFttK1pqVn7oZnlAy9zbe8p5rFFLjvQsA6XAPU7Gk9qPsSr28Axk
/mQOdxIQn789ok1mYAvw7e2RD5R0EsZ6Ux3vvO9rFAkkgpN5+7fZymL7QQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAdE/MHmV1LHLFoQu4gKXbmWhO3rMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvQjBUOHdlWlhVc2NzV2hDN2lBcGR1WmFFN2VzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdUpMA0G
CSqGSIb3DQEBCwUAA4IBAQA16uycLw1WGq6PeanIYjaSvE8vbBH8Dw9194JMXhiL
q4YfwsJnIrZ//XBY3Z+ALwfBXxEghCGxTG4qJ1Qwt0UDWGUQJTdJfvATbysH0mX0
2Ev8v1y64+7P5vcLjSEZyt5aBd3/stvug+z1+HTRrpfQTntpDBxyLHkXokDJ8YZK
ibiPbi7jYX0LmbNRW36SlFmHpFGe+ddFIRzifCCHFKiyGVhRo94yW65uRRCNbzOm
+ANPd9d061pfcKqO0lKYtCZed1c8hkNQpiH+0kFp8Vnnkj7PAtIqIWdL4lkFZ98Z
BJmbo/E47UwPcgOGyc/CVobLJSdzqAcVokRs7xHcWQTV
-----END CERTIFICATE-----